comparison src/share/vm/compiler/compilerOracle.cpp @ 2077:781072b12368
6765546: Wrong sscanf used to parse CompilerOracle command >= 32 characters could lead to crash
Reviewed-by: kvn, iveresov
author | never |
---|---|
date | Tue, 14 Dec 2010 23:17:00 -0800 |
parents | f95d63e2154a |
children | 3582bf76420e |
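--- a/src/share/vm/compiler/compilerOracle.cpp
+++ b/src/share/vm/compiler/compilerOracle.cpp
@@ -330,11 +330,11 @@
 static OracleCommand parse_command_name(const char * line, int* bytes_read) {
 assert(ARRAY_SIZE(command_names) == OracleCommandCount,
 "command_names size mismatch");
 
 *bytes_read = 0;
-char command[32];
+char command[33];
 int result = sscanf(line, "%32[a-z]%n", command, bytes_read);
 for (uint i = 0; i < ARRAY_SIZE(command_names); i++) {
 if (strcmp(command, command_names[i]) == 0) {
 return (OracleCommand)i;
 }
@@ -468,10 +468,16 @@
 char* original_line = line;
 int bytes_read;
 OracleCommand command = parse_command_name(line, &bytes_read);
 line += bytes_read;
 
+if (command == UnknownCommand) {
+tty->print_cr("CompilerOracle: unrecognized line");
+tty->print_cr(" \"%s\"", original_line);
+return;
+}
+
 if (command == QuietCommand) {
 _quiet = true;
 return;
 }
 
@@ -496,11 +502,11 @@
 symbolHandle signature;
 
 line += bytes_read;
 // there might be a signature following the method.
 // signatures always begin with ( so match that by hand
-if (1 == sscanf(line, "%*[ \t](%254[);/" RANGEBASE "]%n", sig + 1, &bytes_read)) {
+if (1 == sscanf(line, "%*[ \t](%254[[);/" RANGEBASE "]%n", sig + 1, &bytes_read)) {
 sig[0] = '(';
 line += bytes_read;
 signature = oopFactory::new_symbol_handle(sig, CHECK);
 }
 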
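Review bot: In parse_command_name the sscanf return value is stored in `result` but never tested before the strcmp loop, so a line that does not start with a lowercase letter leaves `command` unwritten and strcmp then reads indeterminate stack bytes with no guaranteed terminator. Either initialise the buffer, `char command[33] = "";`, or return early with `if (result != 1) return UnknownCommand;` (the function's tail is outside the visible context, so I am assuming that is already its fallback return). The field width 32 and the array size 33 are coupled by hand; a comment such as `// %32[a-z] stores up to 32 chars plus the terminating NUL` would help keep a later edit from reintroducing the one-byte overflow. The same coupling applies to `%254[...` writing at `sig + 1`, whose declaration is not shown here, so it is worth confirming that `sig` holds at least 256 bytes.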